Firewalls: NFS and firewalls

Firewalls
(March 1994)

Indexed By Thread: [Previous] [Next]

Subject:	NFS and firewalls
From:	"Rob Tanner" <tanner @ george . arc . nasa . gov>
Date:	Thu, 31 Mar 1994 07:09:11 -0800
To:	firewalls @ greatcircle . com

I am currently running a firewall made up of a dual homed host.  A
number of the users on the internal net are complaining about the two
step process to FTP (their assignments frequently require them to
"get" files from other hosts outside the firewall).  I have been asked
to set up a directory on the firewall machine that cn be NFS mounted
by those machines on the internal net. That seems to me that I would
be compromising the firewall in doing that.  Can it be done securely?

A thought that occurs to me is to have the firewall mount a directory
exported from one of the internal machines instead.  That way the NFS
host is still safely hidden behind the firewall.  Are there risks
involved in satisfying my user's request in this way?

Thanks,

-- Rob Tanner
   NASA Ames Research Center
   tanner @
 george .
 arc .
 nasa .
 gov

Indexed By Date	Previous:	Re: Cisco 3101 as a firewall From: Ray Hunter ECD <RHUNTER%ESOC . BITNET @ vm . gmd . de>
Indexed By Date	Next:	Re: WWW security considerations From: tog @ berlioz . nsc . com (Systems Administrator - Todd Glassey)
Indexed By Thread	Previous:	Re: Cisco 3101 as a firewall From: Ray Hunter ECD <RHUNTER%ESOC . BITNET @ vm . gmd . de>
Indexed By Thread	Next:	From: (nil)